DETAILED ACTION
Claim Rejections - 35 USC § 101 

1. 35 U.S.C. 101 reads as follows:

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

2. Claims 10-18 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. An authenticator signal is not tangible, as it 
can include carrier waves for example. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which the subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 10-21 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Briscoe et al., USPub 2004/0187024 in view of Alkhatib et al., USPub 2004/0249974.

With regard to claims 10, 15, 19, and 20, Briscoe discloses an authentication 
protocol for increasing safety against a computer access attack for point-to-point 
communication ([0010]), between a client computer and a server ([0002]), to services in 
at least one of a network for data and telecommunication utilizing a challenge-response 
pattern ([0016]), including receiving from a client computer an authentication request 
containing a clients username to a server providing the services (secret signature), the 
server identifying the client computer IP address and a client password accessible by 
the server through the transmitted username (Fig 3) the server responding with an N
byte nonce numerical value (issuing network entity [0045]), the authentication request
including a hash value of at least the parameters clients password, client computer 
unique IP address, server unique IP address, and the nonce value ([0045]) receiving the 
hash value from the client computer as an authenticator for accessing the services 
([0046]) and the server reproducing the authenticator by utilizing the hash algorithm and 
the parameters clients accessible password, client computer unique IP address, server 
unique IP address, and the nonce value, comparing the reproduction with the 
transmitted authenticator, and granting an access to the server and services if the 
reproduced authenticator matches the transmitted ([0064]). Briscoe does not teach 
using this protocol to prevent a man-in-the-middle attack. Further, Briscoe teaches 
using the same method for a client to verify the server ([0046]). Alkhatib discloses using 
a seed to thwart man-in-the-middle attacks ([0151], [0158]). The seed of Alkhatib is 
combined with the IP addresses in a similar manner as Briscoe. It would have been 
obvious for one of ordinary skill in the art to use the "cookie" of Briscoe to thwart the 
man-in-the-middle attack of Alkhatib since it is irreproducible by other parties, the stated 
motivation of Briscoe ([0046]). 
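
An added illustration (not part of the office action or of the cited references) of the exchange described above: the server issues a nonce, the client hashes password, client IP, server IP and nonce, and the server reproduces and compares the authenticator. The HMAC-SHA-256 construction, field encoding, 16-byte nonce, names and sample addresses are assumptions of this example.

```python
import hashlib, hmac, secrets, struct

NONCE_BYTES = 16  # assumed size; the text only says "an N byte nonce"

def _encode(*fields: bytes) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently.
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)

def authenticator(password: bytes, client_ip: str, server_ip: str, nonce: bytes) -> bytes:
    # HMAC-SHA-256 keyed with the password is this example's choice of hash.
    msg = _encode(client_ip.encode(), server_ip.encode(), nonce)
    return hmac.new(password, msg, hashlib.sha256).digest()

class Server:
    def __init__(self, ip: str, passwords: dict):
        self.ip = ip
        self.passwords = passwords  # username -> password (constructed data)
        self.pending = {}           # (username, observed client IP) -> nonce

    def challenge(self, username: str, observed_ip: str) -> bytes:
        nonce = secrets.token_bytes(NONCE_BYTES)
        self.pending[(username, observed_ip)] = nonce
        return nonce

    def verify(self, username: str, observed_ip: str, received: bytes) -> bool:
        # pop() makes each nonce single-use, so a captured response cannot be replayed.
        nonce = self.pending.pop((username, observed_ip), None)
        password = self.passwords.get(username)
        if nonce is None or password is None:
            return False
        # Reproduce the authenticator from the address the server itself observes.
        expected = authenticator(password, observed_ip, self.ip, nonce)
        return hmac.compare_digest(expected, received)

def demo() -> dict:
    pw = b"correct horse"  # constructed sample credential
    server = Server("198.51.100.10", {"alice": pw})
    client_ip, relay_ip = "192.0.2.20", "203.0.113.66"  # documentation ranges
    resp = authenticator(pw, client_ip, server.ip, server.challenge("alice", client_ip))
    direct = server.verify("alice", client_ip, resp)
    replay = server.verify("alice", client_ip, resp)  # nonce already consumed
    # Relayed session: the server observes relay_ip, the client hashed its own IP.
    n2 = server.challenge("alice", relay_ip)
    relayed = server.verify("alice", relay_ip, authenticator(pw, client_ip, server.ip, n2))
    return {"direct": direct, "replay": replay, "relayed": relayed}

if __name__ == "__main__":
    print(demo())
```

Binding the authenticator to IP addresses also rejects legitimate clients behind NAT, where the address the client hashes differs from the one the server observes.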

With regard to claim 11, Briscoe discloses using a time parameter to create the
nonce ([0046]), thus it will be different every time. 

With regard to claim 12, Briscoe discloses that the seed of the nonce is random 
([0044]). 

With regard to claim 13, and 14, Briscoe discloses the nonce includes a password
(Ka) and a volatile value (timestamp) ([0046]). 

With regard to claims 16 and 17, Alkhatib discloses HMAC-Sha-1 is a known hash 
function ([0133]). It would have been obvious for one of ordinary skill in the art to use
SHA-1 as the hash function of Briscoe since it is a widespread standard and secure. 

With regard to claim 18, Briscoe in view of Alkhatib discloses the protocol of claim 1,
as outlined above, but does not disclose using salt. The examiner takes official notice 
that using salt is well known in the art. It would have been obvious for one of ordinary 
skill in the art to use salt in Briscoe to protect against dictionary attacks.

With regard to claim 21, Briscoe in view of Alkhatib discloses the protocol of claim
20, as outlined above, but does not disclose identifying an attacker. The examiner takes 
official notice that it is well known in the art to log attacks and attackers. It would have
been obvious for one of ordinary skill in the art to identify the attacker of Briscoe in view 
of Alkhatib to increase future security against the attacker. 

Allowable Subject Matter 

5. Claims 1-9 are allowed. 

6. The following is an examiner's statement of reasons for allowance: The examiner 
found applicant's arguments with regard to independent claim 1 persuasive. 

Any comments considered necessary by applicant must be submitted no later 
than the payment of the issue fee and, to avoid processing delays, should preferably 
accompany the issue fee. Such submissions should be clearly labeled "Comments on 
Statement of Reasons for Allowance." 

Conclusion

7. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to JACOB LIPMAN whose telephone number is (571)272-3837.
The examiner can normally be reached on M-Fr.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on 571-272-3811. The fax phone number for
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Jacob Lipman/ 
Examiner, Art Unit 2134 



